Google has filed a lawsuit against over 25 unidentified individuals connected to a phishing service called Lighthouse, which allows scammers to impersonate trusted brands and steal payment card information via text messages. Filed in the Southern District of New York, the suit aims to unmask these "John Doe" defendants involved in a scheme that has victimized over a million people across 120 countries. Lighthouse is part of a broader operation known as the "Smishing Triad," which has sent millions of deceptive messages that impersonate the U.S. Postal Service and other legitimate organizations. The phishing kit simplifies the process for even inexperienced users to commit fraud. After victims enter their payment details, the phishing site tricks them into providing a one-time verification code from their bank, which the scammers then exploit to link stolen card data to mobile wallets. Google claims that the scale of these attacks is staggering, with around 25,000 phishing domains active at any given time. The lawsuit alleges trademark violations, as many of the phishing templates feature Google’s logos, and it leverages the Racketeer Influenced and Corrupt Organizations (RICO) Act to target the interconnected groups behind these scams. Researcher Ford Merrill highlighted that scammers are increasingly using Lighthouse to create fake e-commerce sites advertised through Google and Meta. Victims searching for products often fall for these traps, believing they’re getting good deals, only to realize they’ve been scammed after providing sensitive information. While Google’s lawsuit might create temporary disruptions, the lucrative nature of the Chinese phishing market suggests that such operations are unlikely to cease entirely. The lawsuit could set a precedent for future actions against these phishing networks, potentially bringing pressure on Chinese hosting companies like Tencent and Alibaba to shut down malicious sites.